Server Probing

AMD Paulius_J Jazauskas amdpaulius at gmail.com
Fri Feb 1 06:14:20 UTC 2013


Well, only looking at what's inside a server is not so bad, but most of the
time a "brute force" comes after a "look".

If I understand correctly, *apnic* is like an Asian network center which
gives IPs for a very wide region. I agree, blocking China would definitely
reduce the "door rattling" by more than 50% (but it would probably take all
day to type all ranges). Once I tracked many attacker IPs and most of them
were from Asia, but I found out that they may take over some European
servers too, and then use them for scanning and brute forcing.

Actually sometimes I get angry at all those spammers, scammers, phishers.
Who do they think they are, acting without any morality?

On Fri, Feb 1, 2013 at 1:41 AM, geofrey rainey <
geofrey.rainey at enterpriseit.co.nz> wrote:

> "Exact" is probably the wrong term, there's a difference between sitting
> on one's computer and sending a tcp packet to another computer and
> physically going on to one's property with the intention of looking for
> entry points. The former is something that I do out of interest, interest
> in finding out what a server on a network might be running, improve my
> networking skills, and so forth, it might be, frankly, quite arbitrarily
> deemed "really bad" by corporates that have left holes that clever crackers
> are able to exploit and steal stuff and sure, I am not advocating that and
> understand that it is theft and so forth, but frankly, scanning a host is
> hardly a major criminal offence and it's an excessive use of legal power to
> assert that it is tantamount to some burglar trying to break in to a
> building or something.
>
>
>
> On 02/01/2013 11:03 AM, Tom Burke wrote:
>
>> Unless you have permission, that's exactly what it is.  Why else would you
>> be rattling their firewall, except to probe their vulnerabilities?
>>
>> And if you're probing their vulnerabilities without permission, then why
>> are you doing it?
>>
>> IIRC, there is, in fact, legal precedence on this, too.
>>
>> On a related note, I used to drop *.apnic.* into my filters, and that got
>> rid of over 80% of the door rattling.
>>
>> Of course, it pretty much blocked everyone in China, Japan, New Zealand,
>> Australia, and so on..
>>
>> On Thu, Jan 31, 2013 at 4:43 PM, geofrey rainey <
>> geofrey.rainey at enterpriseit.co.nz> wrote:
>>
>>> I just don't think rattling locks and peeking in windows is analogous to
>>> sending a few tcp packets to a server on the internet really.
>>>
>>> On 02/01/2013 01:20 AM, Tom Curl wrote:
>>>
>>>> Unless you have permission from the owner of the server, you should be
>>>> banned. Gee, I just think I'll rattle the locks on your doors and peek
>>>> through your windows just to see what you are doing Geofrey.
>>>>
>>>>
>>>>
>>>> On Thu, 2013-01-31 at 10:13 +1300, geofrey rainey wrote:
>>>>
>>>>> I don't think I'd advise permanently blocking IPs - sometimes I nmap an
>>>>> IP just because I am interested to see what's running or whatever but
>>>>> wouldn't expect to be "banned" for doing this...
>>>>>
>>>>>
>>>>> On 01/30/2013 06:56 PM, AMDPaulius Paulius wrote:
>>>>>
>>>>>> Yeah, even my small home server which is not advertised anywhere gets
>>>>>> scanned daily. They are always trying to brute force into FTP, or SSH.
>>>>>> I use iptables to block those IPs completely.
>>>>>>
>>>>>> On Wed, Jan 30, 2013 at 1:46 AM, Florez, Nestor <NFlorez at sdcwa.org>
>>>>>> wrote:
>>>>>>
>>>>>>> THANKS!!!
>>>>>>>
>>>>>>> Né§t☼r
>>>>>>>
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: redhat-list-bounces at redhat.com [mailto:
>>>>>>> redhat-list-bounces at redhat.com] On Behalf Of m.roth at 5-cent.us
>>>>>>> Sent: Tuesday, January 29, 2013 2:30 PM
>>>>>>> To: General Red Hat Linux discussion list
>>>>>>> Subject: RE: Server Probing
>>>>>>>
>>>>>>> Florez, Nestor wrote:
>>>>>>>
>>>>>>>> [mailto:redhat-list-bounces@redhat.com]
>>>>>>>> On Behalf Of Florez, Nestor
>>>>>>>>
>>>>>>>> I will take a look at fail2ban
>>>>>>>> You guys mentioned fail2ban. Does Red Hat have it available? Where?
>>>>>>>
>>>>>>> epel.
>>>>>>>
>>>>>>>            mark
>>>>>>>
>>>>>>> --
>>>>>>> redhat-list mailing list
>>>>>>> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>>>>>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>>>>>
>>>>>>>
>
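An added example, not part of the original thread: a fail2ban-style pass over sshd log lines that counts failed logins per source address and renders the offenders as input for a timed ipset, so a single iptables rule covers them and nobody types ranges by hand or bans permanently. The log lines are constructed samples using documentation addresses; the set name `sshban`, the threshold of 3 and the one-hour timeout are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the usual sshd syslog format (documentation IPs).
SAMPLE_LOG = """\
Feb  1 06:01:11 host sshd[1001]: Failed password for root from 203.0.113.4 port 40122 ssh2
Feb  1 06:01:13 host sshd[1001]: Failed password for root from 203.0.113.4 port 40122 ssh2
Feb  1 06:01:15 host sshd[1002]: Failed password for invalid user admin from 203.0.113.4 port 40130 ssh2
Feb  1 06:01:16 host sshd[1003]: Failed password for invalid user test from 203.0.113.5 port 51000 ssh2
Feb  1 06:01:18 host sshd[1003]: Failed password for invalid user test from 203.0.113.5 port 51000 ssh2
Feb  1 06:01:19 host sshd[1003]: Failed password for invalid user oracle from 203.0.113.5 port 51002 ssh2
Feb  1 06:02:40 host sshd[1004]: Failed password for alice from 198.51.100.7 port 50022 ssh2
Feb  1 06:02:55 host sshd[1004]: Accepted password for alice from 198.51.100.7 port 50022 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")

def offenders(log_text, threshold=3):
    """Return source IPs with at least `threshold` failed SSH logins."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            hits[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # a hostname or junk in the address field; skip it
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def ipset_restore(ips, set_name="sshban", timeout=3600):
    """Render `ipset restore` input; adjacent addresses collapse into one CIDR."""
    v4 = [ipaddress.ip_network(str(ip)) for ip in ips if ip.version == 4]
    lines = [f"create {set_name} hash:net family inet timeout {timeout}"]
    lines += [f"add {set_name} {net}" for net in ipaddress.collapse_addresses(v4)]
    return lines

if __name__ == "__main__":
    print("\n".join(ipset_restore(offenders(SAMPLE_LOG))))
    # Load the output with `ipset -exist restore`, then match the set once:
    #   iptables -I INPUT -m set --match-set sshban src -j DROP
```

The single mistyped password from 198.51.100.7 stays below the threshold, and entries expire on their own when the timeout runs out.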


